Sessions legislation moves to floor

Published 12:00 am Monday, October 24, 2005

Contributed report

WASHINGTON – The Senate Judiciary Committee today approved and sent to the floor legislation authored by U.S. Sen. Jeff Sessions (R-AL) that would require businesses and organizations to notify consumers who may be at risk of identity theft as a result of data security breaches.

“For the fifth year in a row, identity theft has topped the list of fraud-related complaints to the Federal Trade Commission,” said Sessions, a Judiciary Committee member.

Email newsletter signup

“Individuals need to have confidence that they can transact business online or otherwise without the fear of identity theft.”

Sessions introduced the legislation last June, following a series of high-profile data security breaches.


bill, the Notification of Risk to Personal Data Act of 2005, requires businesses and organizations in possession of computerized data containing sensitive personal information to implement and maintain reasonable security and notification procedures.

Sensitive personal information consists of such things as name, address, telephone number and Social Security number.

Should a business or organization’s database be breached, resulting in a significant risk of identity theft,

Sessions’s bill would require notification of the affected individuals.

“This bill does not overreach on the issue of privacy,” Sessions said, “but alerts consumers that their personal information has been compromised in a way that could result in a significant risk of identity theft.

It avoids the pitfalls of over-notification and provides incentives for companies to protect sensitive data.”

Some states already have data security and notification requirement laws. Sessions’s bill would create a national legal framework, pre-empting such state laws.